catalog logoThe IAM Privilege Catalog

services / Google Cloud / Firebase security rules publishing

Manage security rules releases, which define which security rules are live and used by security rules-enabled services.

firebaserules.​releases.​update

When combined with the ability to create arbitrary ruleset context, can allow data escalation. Used alone, an attacker could revert your environment to a known old, insecure ruleset.

Risks

  1. Data escalation (CRITICAL)
  2. Policy destruction (CRITICAL)
  3. Denial-of-access (EVASION)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​firebase.​google.​com/​docs/​rules

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog